From 574e2eb9a565b953b5a02268f2d464752ba39d3a Mon Sep 17 00:00:00 2001 From: nessi Date: Sun, 15 Feb 2026 10:32:44 +0100 Subject: [PATCH] Ensure valid Docker Hub namespace in release workflow Added validation to normalize input, reject invalid namespaces, and check for proper formatting in the Docker Hub namespace. This prevents configuration mistakes and ensures compliance with naming requirements. --- .github/workflows/docker-release.yml | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml index 3e98ec8..32ad6e2 100644 --- a/.github/workflows/docker-release.yml +++ b/.github/workflows/docker-release.yml @@ -51,10 +51,28 @@ jobs: if [ -z "$NS" ]; then NS="${{ secrets.DOCKERHUB_USERNAME }}" fi - if [ -z "$NS" ]; then + + # Normalize accidental input like spaces or uppercase. + NS="$(echo "$NS" | tr '[:upper:]' '[:lower:]' | xargs)" + + # Reject clearly invalid placeholders/config mistakes early. + if [ -z "$NS" ] || [ "$NS" = "-" ]; then echo "Missing Docker Hub namespace. Set repo var DOCKERHUB_NAMESPACE or secret DOCKERHUB_USERNAME." exit 1 fi + + # Namespace must be a single Docker Hub account/org name, not a path/url. + if [[ "$NS" == *"/"* ]] || [[ "$NS" == *":"* ]]; then + echo "Invalid Docker Hub namespace '$NS'. Use only the account/org name (e.g. 'nesterovicit')." + exit 1 + fi + + if ! [[ "$NS" =~ ^[a-z0-9]+([._-][a-z0-9]+)*$ ]]; then + echo "Invalid Docker Hub namespace '$NS'. Allowed: lowercase letters, digits, ., _, -" + exit 1 + fi + + echo "Using Docker Hub namespace: $NS" echo "value=$NS" >> "$GITHUB_OUTPUT" - name: Set up Docker Buildx